System and method for restricting access to an enterprise network

US 20060026686A1
Filed: 07/30/2004
Published: 02/02/2006
Est. Priority Date: 07/30/2004
Status: Active Grant

First Claim

Patent Images

1. A method for restricting access to an enterprise network, comprising:

determining whether a computer that may be connected to an enterprise network on a temporary basis has one or more malicious code items, the computer accompanying a visitor to a facility associated with the enterprise network; and

providing an indication to a human if it is determined that the computer has one or more malicious code items.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One aspect of the invention is a method for restricting access to an enterprise network that includes determining whether a computer that may be connected to an enterprise network on a temporary basis has one or more malicious code items where the computer accompanies a visitor to a facility associated with the enterprise network. An indication is provided to a human if it is determined that the computer has one or more malicious code items.

33 Citations

View as Search Results

44 Claims

1. A method for restricting access to an enterprise network, comprising:
- determining whether a computer that may be connected to an enterprise network on a temporary basis has one or more malicious code items, the computer accompanying a visitor to a facility associated with the enterprise network; and
  
  providing an indication to a human if it is determined that the computer has one or more malicious code items.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The method of claim 1, wherein determining whether the computer has one or more malicious code items comprises performing a scan of one or more files or systems on the computer to identify a virus, worm, or other malicious code item.
  - 3. The method of claim 1, further comprising:
    - determining whether code associated with one or more programs running on the computer is of a preferred version; and
      
      applying a patch to the code if it is determined that the code is not the preferred version, the patch applied to replace a portion of the code.
  - 4. The method of claim 3, further comprising:
    - receiving version information associated with the code from the computer; and
      
      comparing the version information to information associated with the preferred version.
  - 5. The method of claim 4, wherein the code comprises an antivirus software application.
  - 6. The method of claim 1, further comprising establishing a communication path between the computer and a security verification station associated with the enterprise network.
  - 7. The method of claim 6, wherein the security verification station is located in the facility associated with the enterprise network.
  - 8. The method of claim 6, wherein the security verification station comprises a stand-alone device that is isolated from the enterprise network.
  - 9. The method of claim 6, wherein the security verification station comprises a kiosk located in the facility associated with the enterprise network.
  - 10. The method of claim 6, wherein establishing a communication path between the computer and the security verification station comprises coupling a port of the security verification station to a port of the computer.
  - 11. The method of claim 6, wherein establishing a communication path between the computer and the security verification station comprises establishing a wireless communication path between the computer and the security verification station.
  - 12. The method of claim 1, further comprising:
    - associating an identifier with the computer, the identifier indicating whether or not the determining step identified one or more malicious code items;
      
      communicating the identifier from the security verification station to the enterprise network over a communication path; and
      
      storing the identifier in a database associated with the enterprise network.
  - 13. The method of claim 1, further comprising providing a digital certificate to the computer, the digital certificate indicating whether or not the determining step identified one or more malicious code items.
  - 14. The method of claim 1, further comprising indicating to a user that the computer is corrupted if the determining step identified one or more malicious code items.
  - 15. The method of claim 1, further comprising printing a label to adhere to the computer to identify the computer as having passed an inspection for malicious code items.
  - 16. The method of claim 1, further comprising printing a label to adhere to the computer to identify the computer as having failed an inspection for malicious code items.
  - 17. The method of claim 16, further comprising adhering the label to a port of the computer to make it more difficult to access the enterprise network using the computer.
  - 18. The method of claim 1, further comprising placing a lock on a port of the computer to make it more difficult to access the enterprise network using the computer.
  - 19. The method of claim 1, further comprising applying a remedial measure to the computer if the determining step identified one or more malicious code items.
  - 20. The method of claim 19, wherein applying the remedial measure comprises removing a file associated with a malicious code from the computer.
  - 21. The method of claim 19, further comprising receiving payment information from a user associated with the computer before applying the remedial measure.
  - 22. The method of claim 1, further comprising performing a security practices assessment to determine whether the computer is vulnerable to one or more malicious code items.

23. A system for restricting access to an enterprise network, comprising:
- an enterprise network; and
  
  a security verification station associated with the enterprise network, the security verification station at least partially isolated from the enterprise network and operable to;
  
  determine whether a computer that may be connected to the enterprise network on a temporary basis has one or more malicious code items, the computer accompanying a visitor to a facility associated with the enterprise network; and
  
  provide an indication to a human if it is determined that the computer has one or more malicious code items.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44)
- - 24. The system of claim 23, wherein the security verification station is operable to perform a scan of one or more files or systems on the computer to identify a virus, worm, or other malicious code item.
  - 25. The system of claim 23, wherein the security verification station is operable to:
    - determine whether code associated with one or more programs running on the computer is a preferred version; and
      
      apply a patch to the code if it is determined that the code is not the preferred version, the patch applied to replace a portion of the code.
  - 26. The system of claim 25, wherein the security verification station is further operable to:
    - receive version information associated with the code from the computer; and
      
      compare the version information to information associated with the preferred version.
  - 27. The system of claim 26, wherein the code comprises an antivirus software application.
  - 28. The system of claim 23, wherein the security verification station is operable to establish a communication path between the computer and a security verification station associated with the enterprise network.
  - 29. The system of claim 28, wherein the security verification station is located in the facility associated with the enterprise network.
  - 30. The system of claim 28, wherein the security verification station comprises a stand-alone device that is isolated from the enterprise network.
  - 31. The system of claim 28, wherein the security verification station comprises a kiosk located in the facility associated with the enterprise network.
  - 32. The system of claim 28, wherein a port of the security verification station is operable to couple to a port of the computer to establish a communication path between the computer and the security verification station.
  - 33. The system of claim 28, wherein the security verification station is operable to establish a wireless communication path between the computer and the security verification station.
  - 34. The system of claim 23, wherein the security verification station is further operable to:
    - associate an identifier with the computer, the identifier indicating whether or not the security verification station determined that the computer has one or more malicious code items;
      
      communicate the identifier from the security verification station to the enterprise network over a communication path; and
      
      store the identifier in a database associated with the enterprise network.
  - 35. The system of claim 23, wherein the security verification station is further operable to provide a digital certificate to the computer, the digital certificate indicating whether or not the security verification station determined that the computer has one or more malicious code items.
  - 36. The system of claim 23, wherein the security verification station is further operable to indicate to a user that the computer is corrupted if the security verification station determined that the computer has one or more malicious codes.
  - 37. The system of claim 23, wherein the security verification station is further operable to print a label to adhere to the computer to identify the computer as having passed an inspection for malicious code items.
  - 38. The system of claim 23, wherein the security verification station is further operable to print a label to adhere to the computer to identify the computer as having failed an inspection for malicious code items.
  - 39. The system of claim 38, wherein the label is adapted to be adhered to a port of the computer to make it more difficult to access the enterprise network using the computer.
  - 40. The system of claim 23, wherein the security verification station is further operable to place a lock on a port of the computer to make it more difficult to access the enterprise network using the computer.
  - 41. The system of claim 23, wherein the security verification station is further operable to apply a remedial measure to the computer if the security verification station determined that the computer has one or more malicious code items.
  - 42. The system of claim 41, wherein, when applying the remedial measure, the security verification station is further operable to remove a file associated with a malicious code from the computer.
  - 43. The system of claim 41, wherein the security verification station is further operable to receive payment information from a user associated with the computer before applying the remedial measure.
  - 44. The system of claim 23, wherein the security verification station is further operable to perform a security practices assessment to determine whether the computer is vulnerable to one or more malicious code items.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Trueba, Luis Ruben Zapien

Granted Patent

US 7,509,676 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/24
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06Q 40/00   Finance; Insurance; Tax str...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/1416   Event detection, e.g. attac...

System and method for restricting access to an enterprise network

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

33 Citations

44 Claims

Specification

Use Cases

Quick Links

Others

System and method for restricting access to an enterprise network

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

44 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others